Use of mobile device to configure a lock

ABSTRACT

Methods, devices, and systems are provided for configuring a reading device and/or a lock using a mobile device. The mobile device, running a configuration application, communicates with the reading device, determines a configuration of the reading device, and makes a determination for configuring the reading device based at least partially on configuration information provided by the reading device.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims the benefits of and priority, under 35U.S.C. § 119(e), to U.S. Provisional Application Ser. Nos. 62/164,101,filed on May 20, 2015, entitled “Configuration Reporting”; 62/198,236,filed on Jul. 29, 2015, entitled “Reader Setup/Rekeying with DedicatedCard”; and 62/198,226, filed on Jul. 29, 2015, entitled “Use MobileDevice to Configure a Lock.” The entire disclosures of the applicationslisted above are hereby incorporated by reference, in their entirety,for all that they teach and for all purposes.

FIELD

The present disclosure is generally directed to access control systemsand more specifically to devices that are configured to provide accessinformation for access control systems.

BACKGROUND

In general, access control systems rely upon lock and key principles togrant or deny access to a secure asset. Whether the keys are configuredas physical keys presented to a mechanical lock or virtual keyspresented to an access control unit, most keys include specific featuresor characteristics that are either recognized by or match lock featuresbefore access is granted to the asset. Some access control systemsemploy the use of various portable devices to maintain credentialinformation for presentation to a reading device. The portable devicesare generally configured to communicate with the reading device viawireless communication protocols.

At times, locks and/or reading devices are configured to, among otherthings, update installed firmware, software, settings, features, etc. Insome cases, configuring a reading device may include adding, replacing,and/or removing keys or portions thereof from the reading device. Inanother example, a reading device may be configured for operation byinstalling a key set or a portion of the key set, authorized key list,blacklist, etc., onto a memory of the reading device. Configuring areading device, especially one without a keypad, can require a physicalconnection to the reading device, a dedicated configuration tool, and acumbersome configuration procedure.

SUMMARY

It is with respect to the above issues and other problems that theembodiments presented herein were contemplated. In general, embodimentsof the present disclosure provide methods, devices, and systems forconfiguring a reading device and/or a lock using a mobile device. Insome embodiments, the mobile device may include a non-transitorycomputer readable medium with a configuration application storedthereon. The configuration application may be run by a processor of themobile device and configured to setup, initialize, activate, deactivate,update, or otherwise configure a reading device and/or a lock in anaccess control system. By way of example the configuration applicationmay be configured to update firmware in a reading device using themobile device. In another example, the configuration application may beused to interrogate a particular reading device and determine aconfiguration and/or programming associated with the reading device.

In one embodiment, the reading device may provide configurationinformation to the mobile device. The reading device may provide thisinformation in response to an interrogation signal provided by themobile device. The interrogation signal may include a key,identification, and/or other code that is configured to authorize themobile device for configuring the reading device. In some cases, themobile device may be authorized (e.g., via authentication and/orverification, etc.) by the reading device before the reading deviceprovides the configuration information. This authorization may includethe reading device and/or the mobile device communicating with a trustedcredentials management system. Upon receiving the configurationinformation from the reading device, the mobile device may configureand/or program the reading device.

In some embodiments, templates may be used for programming various typesof access points, reading devices, locking systems, doors, etc. Forexample, a particular type (e.g., style, make, model, manufacturer,asset protection level, etc.) of access point may include a readingdevice and locking system having a defined set of features. This definedset of features may include a number of features that are unique to thetype of access point. As such, a template may be configured for theparticular type of access point that, among other things, allows forquick and easy configuration by an administrator using the mobiledevice. The templates may be stored in a memory of the mobile device, amemory of the reading device, on a remote memory, and/or associated witha remote server. In any event, the templates may be loaded by theconfiguration application running via the mobile device. In oneembodiment, the configuration information provided by the reading devicemay be used (e.g., by the mobile device, etc.) to determine anappropriate template for use by the configuration application.

It is an aspect of the present disclosure that information about readingdevice configurations, such as the configurations made via a mobiledevice and the configurations of reading devices interrogated by amobile device, may be communicated to an access server, a communicationdevice, or other system/third party. In some cases, this information maybe stored in a memory associated with the mobile device, communicationdevice, server, etc. Among other things, this information may providedata regarding what types of reading devices have been configured and inwhat type of way the reading devices were configured. Additionally oralternatively, this information may be used to map a configurationassociated with one or more reading devices in an access control system.In some embodiments, the configuration information associated with oneor more reading devices, doors, access points, etc., may be stored in aneasy-to-access memory location. For instance, the configurationinformation may be stored as a database in the cloud or a remote serverplatform. In any event, the configuration information may includeinformation for how access points (e.g., reading device, doors, etc.)are setup. Additionally or alternatively, this configuration informationmay be accessed and used to setup other access points in the accesscontrol system (e.g., via a mobile device, etc.).

In some embodiments, the mobile device may be configured to communicatewith one or more reading devices via any number of communicationsprotocols associated with the mobile device. Examples of communicationsprotocols can include, but are in no way limited to, the protocol orprotocols associated with near field communication (NFC), radiofrequency identification (RFID)(e.g., operating at 125 kHz, 13.56 kHz,etc.), Bluetooth® wireless communication, Bluetooth® Low Energy (BLE),Personal Area Network (PAN), Body Area Network (BAN), cellularcommunications, WiFi communications, and/or other wirelesscommunications.

In one embodiment, the reader may authenticate the mobile device card bycommunicating with a trusted credentials management system. Additionallyor alternatively, the authentication of a mobile device may include thereading device accessing a secure memory, whether located locally (e.g.,in the reading device, on a local area network, attached storage device,etc.) or remotely (e.g., in the cloud, across a communications network,or on a remote server memory, etc.), for authentication information. Insome cases, the authentication information may be at least a portion ofa cryptosystem, cryptographic key value, cryptographic hash function,public key, private key, combinations thereof, and/or the like. In anyevent, the authentication may utilize authentication informationprovided by the mobile device and authentication information stored in asecure/managed memory in determining an authentication match.

Once the mobile device card is authenticated, or authorized, the readingdevice may allow the mobile device to provide configuration information.In some cases, the reading device may provide the mobile device with anauthorization key that allows this configuring ability. Theauthorization key may be stored in a memory associated with the mobiledevice, the configuration application, etc.

In some embodiments, symmetric and/or asymmetric encryption may be usedin the transfer of information, verification of information,authentication of information, and/or storing information, etc. By wayof example, a public key may be stored on the mobile device which can beused for an administrative mode of operation, etc.

As provided herein, the mobile device may be configured to operate inconjunction with one or more reading devices. In some embodiments, thereading devices may be provided by a manufacturer different from themobile device. It is an aspect of the present disclosure that theconfiguration application may include instructions configured todetermine the manufacturer and/or type of the reading device and providethe necessary interface to a particular reading device based on thedetermined manufacturer and/or type.

The mobile device may include electronics that can be powered by areading device. One example of such electronics may be a mobile devicehaving MID components, (e.g., a capacitor, antenna, etc.). In thisexample, when the mobile device is presented within an RFID fieldprovided by the reading device, the reading device may provide energyvia the REID field that can be stored in the capacitor of the mobiledevice.

The term “computer-readable medium,” as used herein, refers to anytangible data storage medium that participates in providing instructionsto a processor for execution. Such a medium may take many forms,including but not limited to, non-volatile media, volatile media, andtransmission media. Non-volatile media includes, for example, NVRAM, ormagnetic or optical disks. Volatile media includes dynamic memory, suchas main memory. Common forms of computer-readable media include, forexample, a floppy disk, a flexible disk, hard disk, magnetic tape, orany other magnetic medium, magneto-optical medium, a CD-ROM, any otheroptical medium, punch cards, paper tape, any other physical medium withpatterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, a solidstate medium like a memory card, any other memory chip or cartridge, orany other medium from which a computer can read instructions. When thecomputer-readable medium is configured as part of a database, it is tobe understood that the database may be any type of database, such asrelational, hierarchical, object-oriented, and/or the like. Accordingly,the disclosure is considered to include a tangible storage medium ordistribution medium and prior art-recognized equivalents and successormedia, in which the software implementations of the present disclosureare stored.

As used herein, “credential information” is any data, set of data,encryption scheme, key, and/or transmission protocol used by aparticular device (e.g., a “credential device”) to authenticate and/orverify its authenticity with a reader, mobile device, and/orinterrogator.

The phrases “at least one”, “one or more”, and “and/or” are open-endedexpressions that are both conjunctive and disjunctive in operation. Forexample, each of the expressions “at least one of A, B and C”, “at leastone of A, B, or C”, “one or more of A, B, and C”, “one or more of A, B,or C” and “A, B, and/or C” means A alone, B alone, C alone, A and Btogether, A and C together, B and C together, or A, B and C together.When each one of A, B, and C in the above expressions refers to anelement, such as X, Y, and Z, or class of elements, such as X₁-X_(n),Y₁-Y_(m), and Z₁-Z_(o), the phrase is intended to refer to a singleelement selected from X, Y, and Z, a combination of elements selectedfrom the same class (e.g., X₁ and X₂) as well as a combination ofelements selected from two or more classes (e.g., Y₁ and Z_(o)).

The term “a” or “an” entity refers to one or more of that entity. Assuch, the terms “a” (or “an”), “one or more” and “at least one” can beused interchangeably herein. It is also to be noted that the terms“comprising”, “including”, and “having” can be used interchangeably.

The terms “determine,” “calculate,” and “compute,” and variationsthereof, as used herein, are used interchangeably and include any typeof methodology, process, mathematical operation, or technique.

The term “means” as used herein shall be given its broadest possibleinterpretation in accordance with 35 U.S.C., Section 112, Paragraph 6.Accordingly, a claim incorporating the term “means” shall cover allstructures, materials, or acts set forth herein, and all of theequivalents thereof. Further, the structures, materials or acts and theequivalents thereof shall include all those described in the summary ofthe invention, brief description of the drawings, detailed description,abstract, and claims themselves.

The term “module” as used herein refers to any known or later developedhardware, software, firmware, artificial intelligence, fuzzy logic, orcombination of hardware and software that is capable of performing thefunctionality associated with that element.

It should be understood that every maximum numerical limitation giventhroughout this disclosure is deemed to include each and every lowernumerical limitation as an alternative, as if such lower numericallimitations were expressly written herein. Every minimum numericallimitation given throughout this disclosure is deemed to include eachand every higher numerical limitation as an alternative, as if suchhigher numerical limitations were expressly written herein. Everynumerical range given throughout this disclosure is deemed to includeeach and every narrower numerical range that falls within such broadernumerical range, as if such narrower numerical ranges were all expresslywritten herein.

The preceding is a simplified summary of the disclosure to provide anunderstanding of some aspects of the disclosure. This summary is neitheran extensive nor exhaustive overview of the disclosure and its variousaspects, embodiments, and configurations. It is intended neither toidentify key or critical elements of the disclosure nor to delineate thescope of the disclosure but to present selected concepts of thedisclosure in a simplified form as an introduction to the more detaileddescription presented below. As will be appreciated, other aspects,embodiments, and configurations of the disclosure are possibleutilizing, alone or in combination, one or more of the features setforth above or described in detail below.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings are incorporated into and form a part of thespecification to illustrate several examples of the present disclosure.These drawings, together with the description, explain the principles ofthe disclosure. The drawings simply illustrate preferred and alternativeexamples of how the disclosure can be made and used and are not to beconstrued as limiting the disclosure to only the illustrated anddescribed examples. Further features and advantages will become apparentfrom the following, more detailed, description of the various aspects,embodiments, and configurations of the disclosure, as illustrated by thedrawings referenced below.

FIG. 1 is a diagram depicting an access control system in accordancewith embodiments of the present disclosure;

FIG. 2 is a block diagram depicting a mobile device or componentsthereof in accordance with embodiments of the present disclosure;

FIG. 3 is a flow chart depicting a method of configuring a readingdevice in accordance with embodiments of the present disclosure; and

FIG. 4 is a flow chart depicting a method of configuring a readingdevice in accordance with embodiments of the present disclosure.

DETAILED DESCRIPTION

Copyright and Legal Notices

A portion of the disclosure of this patent document contains materialwhich is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent files or records, but otherwise reserves all copyrightswhatsoever.

Before any embodiments of the disclosure are explained in detail, it isto be understood that the disclosure is not limited in its applicationto the details of construction and the arrangement of components setforth in the following description or illustrated in the followingdrawings. The disclosure is capable of other embodiments and of beingpracticed or of being carried out in various ways. Also, it is to beunderstood that the phraseology and terminology used herein is for thepurpose of description and should not be regarded as limiting. The useof “including,” “comprising,” or “having” and variations thereof hereinis meant to encompass the items listed thereafter and equivalentsthereof as well as additional items.

FIG. 1 is a diagram depicting an access control system 100 for keyingone or more reading devices 112A-N via a mobile device 108 in accordancewith embodiments of the present disclosure. In one embodiment, theaccess control system 100 comprises at least one reading device 112 anda portable communications, or mobile device 108. The reading device 112may include an access data memory 116. The access data memory 116 may beconfigured to store access information, identification data, rules,program instructions, and/or other data associated with performingaccess operations of an access control system 100. In some embodiments,the reading device 112 may be configured to communicate with an accessdata memory 116 across a communication network 128. The access datamemory 116 may be located remotely, locally, and/or locally andremotely, from the reading device 112. In one embodiment, the readingdevice 112 and/or the mobile device 108 may be configured to communicatewith a trusted credentials management system 132 across a communicationnetwork 128.

The mobile device 108 may be configured to communicate with a readingdevice 112 across one or more wireless communication connections. Theseone or more wireless communication connections can includecommunications via at least one of conventional radio protocols,proximity-based wireless communication protocols, Bluetooth™, NFC, RF,and other wireless communication networks and/or protocols. In somecases, communications between the mobile device 108 and the readingdevice 112 may be established automatically when the mobile device 108enters an active zone of an interrogating reading device 112.Additionally or alternatively, communications between the mobile device108 and the reading device 112 may be established automatically when themobile device 108 enters an active zone of an interrogating readingdevice 112. In one embodiment, the active zone of the reading device 112may be defined as a three-dimensional space where the intensity of RFsignals emitted by the reading device 112 exceeds a threshold ofsensitivity of the mobile device 108 and the intensity of RE signalsemitted by the mobile device 108 exceeds a threshold of sensitivity ofthe reading device 112.

In some embodiments, the mobile device 108 may be configured tocommunicate with a reading device 112 across a communication network128. The communication network 128 can include communication via atleast one of conventional radio networks, wireless communicationnetworks, Zig-Bee, GSM, CDMA, WiFi, and/or using other communicationnetworks and/or protocols as provided herein.

In one embodiment, authentication may be required between the mobiledevice 108 and the reading device 112 before further communications, oraccess controls, are enabled. In one embodiment, authentication may berequired between the mobile device 108 and the reading device 112 beforefurther communications, or access controls, are enabled. Additionally oralternatively, the further communications may provide communications inwhich access control information (e.g., keys, codes, credentials, etc.)are shared, provided, loaded, transferred, and/or stored, in someembodiments, the authentication may be provided via one-way or mutualauthentication. Examples of authentication may include, but are notlimited to, simple authentication based on site codes, trusted dataformats, shared secrets, and/or the like. As can be appreciated, accesscontrol information is more sensitive and may require more involvedvalidation via, for example, an encrypted exchange of access controlinformation.

In some embodiments, the reading device 112 may be configured to requestspecific setup information from the mobile device 108. This informationmay be used to grant or deny access to configuration settings, securememory, or other administrative controls for a user having the mobiledevice 108. In one embodiment, the information may be authenticatedand/or validated by referring to information stored in access datamemory 116 or some other memory associated with the reading device 112and/or trusted credentials management system 132. Validation may includereferring to information stored in access data memory 116 or some othermemory associated with the mobile device 108. Typically, a readingdevice 112 is associated with a particular asset (e.g., a doorprotecting access to a secure room, a computer lock protecting sensitiveinformation or computer files, a lock on a safe, and the like).

In accordance with embodiments of the present disclosure, the readingdevice 112 may receive one or more configuration instructions (e.g.,and/or other information etc.) from the mobile device 108 to configurespecific features associated with the reading device 112 and/or a lock114 associated with the reading device 112. In general, each readingdevice 112 may be configured to control and/or actuate a lock 114 orlocking system. This control and/or actuation may include energizing alocking element associated with the lock 114, selectively powering acomponent of the lock 114, or otherwise causing the lock 114 to allow orprevent access to an asset.

The access server 120 may include a processor, a memory, and one or moreinputs/outputs. The memory of the access server 120 may be used inconnection with the execution of application programming or instructionsby the processor, and for the temporary or long term storage of programinstructions and/or data. As examples, the memory may comprise RAM,DRAM, SDRAM, or other solid state memory. Additionally or alternatively,the access server 120 may communicate with an access data memory 116.Like the memory of the access server 120, the access data memory 116 maycomprise a solid state memory or devices. The access data memory 116 maycomprise a hard disk drive or other random access memory.

In some embodiments, the reading device 112 may be configured tocommunicate with one or more devices across a communication network 128.For example, the reading device 112 may communicate with a mobile device108 across the communication network 128. Among other things, thiscommunication can allow for back-end authentication and/or providenotifications from the reading device 112 to the mobile device 108. Insome embodiments, the reading device 112 may be configured toauthenticate a mobile device 108 (e.g., allowing configuration controls,etc.), via a trusted credentials management system 132. Thecommunication network 128 may comprise any type of known communicationmedium or collection of communication media and may use any type ofprotocols to transport messages between endpoints. The communicationnetwork 128 may include wired and/or wireless communicationtechnologies. The Internet is an example of the communication network128 that constitutes an Internet Protocol (IP) network consisting ofmany computers, computing networks, and other communication deviceslocated all over the world, which are connected through many telephonesystems and other means. Other examples of the communication network 128include, without limitation, a standard Plain Old Telephone System(POTS), an Integrated Services Digital Network (ISDN), the PublicSwitched Telephone Network (PSTN), a Local Area Network (LAN), a WideArea Network (WAN), a Session Initiation Protocol (SIP) network, a Voiceover Internet Protocol (VoIP) network, a cellular network, RS-232,similar networks used in access control systems between readers andcontrol panels, and any other type of packet-switched orcircuit-switched network known in the art. In addition, it can beappreciated that the communication network 128 need not be limited toany one network type, and instead may be comprised of a number ofdifferent networks and/or network types. Moreover, the communicationnetwork 128 may comprise a number of different communication media suchas coaxial cable, copper cable/wire, fiber-optic cable, antennas fortransmitting/receiving wireless messages, and combinations thereof.

In some embodiments, the access control system 100 may include at leastone communication device 124. A communication device 124 may include,but is not limited to, a mobile phone, smartphone, smart watch, softphone, telephone, intercom device, computer, tablet, mobile computer,alarm, bell, notification device, pager, and/or other device configuredto convert received electrical and/or communication signals. In oneembodiment, the communication device 124 may be used to receivecommunications sent from the mobile device 108, the reading device 112,and/or other device associated with the system 100.

FIG. 2 is a block diagram depicting a mobile device 108 in accordancewith embodiments of the present disclosure. The mobile device 108 mayinclude one or more components, such as, a memory 204, a processor 208,an antenna 212A-N, and a communications module 216. In some embodiments,the mobile device 108 may further include a power module, one or moreinput devices 220, a display device 224, and/or at least one outputdevice 232. The processor 208 may be an application specific integratedcircuit (ASIC), microprocessor, programmable controller, or the like. Ascan be appreciated, the communication device 124 may include similar, ifnot identical, components as those described in conjunction with themobile device 108.

The memory 204 of the mobile device 108 may be used in connection withthe execution of application programming or instructions by theprocessor 208, and for the temporary or long term storage of programinstructions and/or data. The memory 204 may contain executablefunctions that are used by the processor 208 to run other components ofthe mobile device 108. In one embodiment, the memory 204 may beconfigured to store credential information, application instructions,etc. For instance, the credential information may include, but is notlimited to, unique identifications, manufacturer identification,passwords, keys, encryption schemes, transmission protocols, and thelike. As another example, the memory 204 may be configured to storeinstructions for a configuration application as disclosed herein. Insome embodiments, the memory 204 may be configured to storeconfiguration information, identification information, authenticationinformation, and/or the like. As examples, the memory 204 may compriseRAM, DRAM, SDRAM, or other solid state memory.

The one or more antennas 212A-N may be configured to enable wirelesscommunications between the mobile device 108 and a reading device 112, acommunication device 124, and/or some other device. As can beappreciated, the antenna(s) 212A-N may be arranged to operate using oneor more wireless communication protocols and operating frequenciesincluding, but not limited to, Bluetooth®, NFC, Zig-Bee, GSM, CDMA, RF,and the like. By way of example, the antenna(s) 212A-N may be RFantenna(s), and as such, may transmit RF signals through free-space tobe received by a reading device 112 having an RF transceiver.

In some embodiments, the mobile device 108 may include a power module.The power module may be configured to provide power to the parts of themobile device 108 in order to operate. In some embodiments, the powermodule may store power in a capacitor of the power module. In oneembodiment, electronics in the power module may store energy in thecapacitor and turn off when an RF field is present. This arrangement canensure that energy is presented to the mobile device 108 minimizing anyeffect on read distance. Although the mobile device 108 may beconfigured to receive power passively from an electrical field of areading device 112, it should be appreciated that the mobile device 108may provide its own power. For example, the power module may include abattery or other power source to supply power to parts of the mobiledevice 108.

The mobile device 108 may include a communications module 216 that isconfigured to communicate with one or more different systems or deviceseither remotely or locally to the mobile device 108. Thus, thecommunications module 216 can send or receive messages to or fromreading devices 112, communication devices 124, access servers 120,trusted credentials management systems 132, access control systems, orother systems and/or devices. In some embodiments, the communicatedinformation may be provided to, or exchanged with, other componentswithin the mobile device 108.

The input devices 220 may include one or more of touch screens, buttons,switches, cameras, image sensors, microphones, accelerometers,gyroscopes, and the like. The input devices 220 may be configured toreceive input from a user or an environment in proximity to the mobiledevice 108. For example, the configuration application disclosed hereinmay be configured to present, or render, one or more options,selections, or the like to a touch screen of the mobile device 108. Thepresented information may be used to, among other things, configure areading device 112 and/or an associated lock 114. A user may interactwith the presented or rendered images by tapping, holding, swiping,spreading, or otherwise providing a touch input to at least one surfaceof the touch screen.

In some embodiments, the mobile device 108 may include a display device224. The display device 224 may include any device or physical structurethat enables the user to interact with the mobile device 108 by viewinginformation provided via a display. In one embodiment, the displaydevice 224 may be configured as a video display having an array ofpixels. Additionally or alternatively, the display device 224 may beconfigured as the touch screen described above.

The output devices 232 of the mobile device 108 may include at least oneof a speaker, vibration motor, light emitting element, other soundemitting element, and the like. In some embodiments, the output devices232 may be configured to provide an indication of some instructionprovided by the configuration application running via the mobile device108.

Referring now to FIG. 3, a flow chart depicting a method 300 ofconfiguring a reading device 112 is shown in accordance with embodimentsof the present disclosure. While a general order for the steps of themethod 300 is shown in FIG. 3, the method 300 can include more or fewersteps or can arrange the order of the steps differently than those shownin FIG. 3. Generally, the method 300 starts with a start operation 304and ends with an end operation 328. The method 300 can be executed as aset of computer-executable instructions executed by a computer systemand encoded or stored on a computer readable medium. Hereinafter, themethod 300 shall be explained with reference to the systems, components,modules, software, etc. described in conjunction with FIGS. 1-2.

The method 300 begins at step 304 and proceeds when a communication isestablished between a mobile device 108 and a reading device 112 (step308). The communication may be established automatically (e.g., withoutuser input) in response to the two devices 108, 112 being brought into acommunication range of one another. The communication may,alternatively, be established with the assistance of user input (e.g.,in response to receiving a user input that a particular pairing of thedevices 108, 112 should be effected). The mobile device 108 may beconfigured to communicate with a reading device 112 via one or morewireless protocols. The mobile device 108 may be configured to providesoftware, firmware, setup information, settings, keying information,updates, and/or other information to a reading device 112 for, amongother things, configuring the reading device 112 and/or a lock 114 in anaccess control system 100.

In some embodiments, the communication may be established when themobile device 108 enters a communication range of the reading device112. Additionally or alternatively, the communication may be establishedby the mobile device 108 sending an interrogation signal to the readingdevice. By way of example, a user may determine to configure aparticular reading device 112 and initiate a configuration applicationrunning via the mobile device 108. The configuration application, uponinitiation, may be configured to automatically send and/or receivecommunications to and/or from reading devices 112 in proximity to themobile device 108, via one or more components of the mobile device 108.In one embodiment, the configuration application may require an input tobe provided before the mobile device 108 and the configurationapplication searches for reading devices in a communication proximity.

Once communications are established between the mobile device 108 andthe reading device 112, the mobile device 108 may receive configurationinformation provided by the reading device 112 (step 312). In someembodiments, the reading device 112 may be configured to provide thisinformation in response to receiving a particular signal sent by themobile device 108. The signal sent by the mobile device 108 may includeauthentication and/or identification information of the mobile device108. This information may be required to authorize the mobile device 108and/or a request from the mobile device 108 for the configurationinformation. In one embodiment of the present disclosure theauthentication and/or identification information provided by the mobiledevice 108 may be authenticated by the reading device 112 communicatingthe information to a trusted credential management system 132. In thisexample, the trusted credentials management system 132 may send aconfirmation, for example that the mobile device 108 is authorized toprovide configuration instructions, to the reading device 112 across thecommunication network 128. Continuing this example, the reading device112 may enter a configuration mode, or allow configuration instructionsto be received from the mobile device 108.

In any event, the configuration information received by the mobiledevice 108 may include one or more of an identification, location,operating status, manufacturer, type, make, current settings, activefeatures, inactive features, versions of software and/or firmwareinstalled, types of software installed, and the like that are associatedwith the reading device 112. Among other things, the configurationinformation can be analyzed by the configuration application running viathe mobile device 108 to determine a configuration status of the readingdevice. The results of this analysis can provide valuable information tothe configuration application for configuration and/or curationpurposes.

The method 300 continues by determining the configuration and/orprogramming associated with the reading device 112 (step 316). Thisinformation may be determined from the configuration informationprovided by the reading device 112, as described above. Theconfiguration application of the mobile device 108 may determine that atleast one feature or aspect of the reading device needs to be configuredbased at least partially on the configuration information received. Forinstance, the configuration application may determine that the versionof firmware installed on the reading device 112 is older than, orincongruent with, an available and/or approved version listed in amemory associated with the mobile device 108. In this case, theconfiguration application may determine that an update to the firmwareis required. In the event that the configuration information, or theanalysis thereof, yields previously unknown or undetermined data, theconfiguration application may determine to perform a new initializationof the reading device 112 and/or mark the reading device 112 as having alack of sufficient configuration information. This result may bereported, for example across a communication network 128, to anotherdevice, third party, or server associated with the access control system100.

In some embodiments, the method 300 may continue by rendering readingdevice data, such as configuration information, results of an analysisof the configuration information, configuration recommendations, orother information, to a graphical user interface or display device 224of the mobile device 108 (step 320). Additionally or alternatively, thereading device 112 may communicate this reading device data to anotherdevice, third party, or server associated with the access control system100. The graphical user interface may be configured to present a userwith various options regarding configuring the reading device. In thiscase, when a user provides an input corresponding to at least one of thevarious options, the configuration application of the mobile device 108may proceed to provide instructions in accordance with the selectedoption(s)(e.g., to a reading device 112, etc.)

Next, the method 300 may proceed by configuring the reading device 112(step 324). The reading device 112 may be configured automaticallyaccording to one or more rules stored in a memory associated with themobile device 108 and/or the configuration application. In someembodiments, the reading device 112 may require a configurationauthorization code before allowing the mobile device 108 to configurethe reading device 112. In some cases, the configuration authorizationcode may be communicated to the mobile device 108 via the trustedcredentials management system 132. In one embodiment, this configurationauthorization code may be provided by the trusted credentials managementsystem 132 when the mobile device 108 is authorized, as described inconjunction with step 312. Additionally or alternatively, theconfiguration authorization code may be stored in a memory of the mobiledevice 108, whether the mobile device 108 has been preauthorized orauthorized as part of the communication with the reading device 112.Configuring the reading device 112 may include transmittinginstructions, information, and/or other data from the mobile device 108and/or another source to the reading device 112. In some cases, thereading device 112 may communicate to the mobile device 108 whether theconfiguration succeeded or failed.

The method 300 may optionally determine whether to store configurationinformation for the reading device 112 (step 326). The configurationinformation may include specific setup data, configuration preferences,selected upgrades and/or features, and/or any other data correspondingto a particular reading device 112, access control system 100,configuring mobile device, configuring user, time, etc., and/orcombinations thereof. When the method 300 determines that configurationinformation may be stored, the method 300 may proceed to step 332(continued and described in conjunction with FIG. 4). Otherwise, themethod 300 ends at step 328.

FIG. 4 is a flow chart depicting a method 400 of configuring a readingdevice 112 in accordance with embodiments of the present disclosure.While a general order for the steps of the method 400 is shown in FIG.4, the method 400 can include more or fewer steps or can arrange theorder of the steps differently than those shown in FIG. 4. Generally,the method 400 starts with a start operation and ends with an endoperation 428. The method 400 can be executed as a set ofcomputer-executable instructions executed by a computer system andencoded or stored on a computer readable medium. Hereinafter, the method400 shall be explained with reference to the systems, components,modules, software, etc. described in conjunction with FIGS. 1-3.

In some embodiments, the method 400 may continue from step 332 describedin conjunction with FIG. 3. The method 400 may proceed by storingconfiguration information for a reading device in a memory (step 404).In one embodiment, the memory may be associated with a server across acommunication network. This configuration information may correspond toa particular reading device type, brand, manufacturer, etc. Additionallyor alternatively, the configuration information may correspond to aparticular access control system, company, facility, time, installingprofessional, mobile device 108, etc., and/or combinations thereof insome embodiments, the configuration information may be setup, orarranged, by an administrator and stored in the memory for access by oneor more mobile devices in configuring reading devices 112 and/or locks114 in an access control system 100. In any event, the configurationinformation may be stored in a template format.

The method 400 may continue by determining whether a subsequent readingdevice is being configured (step 408). In some embodiments, thesubsequent reading device may correspond to another reading device thatis configured subsequent to the reading device 112 configured anddescribed in conjunction with FIG. 3. Additionally or alternatively, thesubsequent reading device may correspond to a reading device that isbeing configured subsequent to the configuration information beingstored in memory. In any event, configuring a subsequent reading devicemay commence when a communication is established between a mobile device108 and the subsequent reading device. This communication may besimilar, if not identical, to the communication described in conjunctionwith step 308 of FIG. 3.

Upon determining that the subsequent reading device is being configured,the method 400 may proceed by determining and/or receiving informationabout the subsequent reading device (step 412). This information mayinclude configuration information about the subsequent reading deviceincluding, but in no way limited to, manufacturer, model, serial number,type, capabilities, enrolled access control system, etc. Additionally oralternatively, the information may include other configurationinformation such as firmware installed, date of last update, date ofinstallation, installing entity, transfer rates, communicationabilities, etc. In some embodiments, the subsequent reading device maybe configured to provide this information in response to receiving aparticular signal sent by the mobile device 108. The signal sent by themobile device 108 may include authentication and/or identificationinformation of the mobile device 108. This information may be requiredto authorize the mobile device 108 and/or a request from the mobiledevice 108 for the configuration information from the subsequent readingdevice. In one embodiment of the present disclosure the authenticationand/or identification information provided by the mobile device 108 maybe authenticated by the subsequent reading device communicating theinformation to a trusted credential management system 132. In someembodiments, the subsequent reading device may enter a configurationmode, or allow configuration instructions to be received from the mobiledevice 108.

Next, the method 400 may continue by determining whether anyconfiguration information is available for the subsequent reading devicestored in the memory (step 416). In some embodiments, this determinationmay include the mobile device 108 communicating across a wirelesscommunication network to a server 128 and secure memory. For example, inresponse to determining the configuration information for the subsequentreading device in step 412, the mobile device 108 may search the memoryfor any matching or upgraded stored configuration information for thesubsequent reading device. If no matching or upgraded storedconfiguration information is available for the subsequent readingdevice, the method 400 may continue to step 424 and the mobile device108 may proceed to configure the subsequent reading device based oninput received at the mobile device 108.

In the event that matching or upgraded stored configuration informationis available for the subsequent reading device, the method 400 mayproceed by presenting the configuration information in a template formatto the mobile device 108. For example, the mobile device 108 may beconfigured to render to a display or graphical user interface that aconfiguration information template is available for use in configuringthe subsequent reading device. As provided above, this template may bearranged based on the configuration information, settings, and/orpreferences associated with a previous configuration. In one embodiment,the entire configuration for the subsequent reading device may be madeby selecting the appropriate configuration information template via themobile device 108. In some embodiments, the subsequent reading devicemay be automatically configured to match the template when configurationof the subsequent reading device is authorized and the template isvalidated.

Whether via a user selection input or an automatic configuration input,the method 400 continues by configuring the subsequent reading devicebased on the type of input received at the mobile device (step 424).Once configured based on a template, a mobile device 108 may bepermitted to alter specific configurable elements. In one embodiment,however, a mobile device 108 may be prohibited from changing specificelements or an arrangement thereof in the subsequent reading device.This selective permission may be based on a number of factors including,but in no way limited to, one or more an identification of the accesscontrol system for the subsequent reading device, the type of thesubsequent reading device, the configuring mobile device identification,etc. The method 400 may repeat at step 408 in configuring additionalreading devices or the method 400 may end at step 428.

The exemplary systems and methods of this disclosure have been describedin relation to devices, systems, and methods in an access controlsystem. However, to avoid unnecessarily obscuring the presentdisclosure, the preceding description omits a number of known structuresand devices. This omission is not to be construed as a limitation of thescopes of the claims. Specific details are set forth to provide anunderstanding of the present disclosure. It should, however, beappreciated that the present disclosure may be practiced in a variety ofways beyond the specific detail set forth herein. Moreover, it should beappreciated that the methods disclosed herein may be executed via awearable device, a mobile device, a reading device, a communicationdevice, and/or an access server of an access control system, etc.

Furthermore, while the exemplary aspects, embodiments, options, and/orconfigurations illustrated herein show the various components of thesystem collocated, certain components of the system can be locatedremotely, at distant portions of a distributed network, such as a LANand/or the Internet, or within a dedicated system. Thus, it should beappreciated, that the components of the system can be combined in to oneor more devices, such as a Personal Computer (PC), laptop, nethook,smart phone, Personal Digital Assistant (PDA), tablet, etc., orcollocated on a particular node of a distributed network, such as ananalog and/or digital telecommunications network, a packet-switchnetwork, or a circuit-switched network. It will be appreciated from thepreceding description, and for reasons of computational efficiency, thatthe components of the system can be arranged at any location within adistributed network of components without affecting the operation of thesystem. For example, the various components can be located in a switchsuch as a PBX and media server, gateway, in one or more communicationsdevices, at one or more users' premises, or some combination thereof.Similarly, one or more functional portions of the system could bedistributed between a telecommunications device(s) and an associatedcomputing device.

Furthermore, it should be appreciated that the various links connectingthe elements can be wired or wireless links, or any combination thereof,or any other known or later developed element(s) that is capable ofsupplying and/or communicating data to and from the connected elements.These wired or wireless links can also be secure links and may becapable of communicating encrypted information. Transmission media usedas links, for example, can be any suitable carrier for electricalsignals, including coaxial cables, copper wire and fiber optics, and maytake the form of acoustic or light waves, such as those generated duringradio-wave and infra-red data communications.

Also, while the flowcharts have been discussed and illustrated inrelation to a particular sequence of events, it should be appreciatedthat changes, additions, and omissions to this sequence can occurwithout materially affecting the operation of the disclosed embodiments,configuration, and aspects.

A number of variations and modifications of the disclosure can be used.It would be possible to provide for some features of the disclosurewithout providing others.

Optionally, the systems and methods of this disclosure can beimplemented in conjunction with a special purpose computer, a programmedmicroprocessor or microcontroller and peripheral integrated circuitelement(s), an ASIC or other integrated circuit, a digital signalprocessor, a hard-wired electronic or logic circuit such as discreteelement circuit, a programmable logic device or gate array such as PLD,PLA, FPGA, PAL, special purpose computer, any comparable means, or thelike. In general, any device(s) or means capable of implementing themethodology illustrated herein can be used to implement the variousaspects of this disclosure. Exemplary hardware that can be used for thedisclosed embodiments, configurations and aspects includes computers,handheld devices, telephones (e.g., cellular, Internet enabled, digital,analog, hybrids, and others), and other hardware known in the art. Someof these devices include processors (e.g., a single or multiplemicroprocessors), memory, nonvolatile storage, input devices, and outputdevices. Furthermore, alternative software implementations including,but not limited to, distributed processing or component/objectdistributed processing, parallel processing, or virtual machineprocessing can also be constructed to implement the methods describedherein.

In yet another embodiment, the disclosed methods may be readilyimplemented in conjunction with software using object or object-orientedsoftware development environments that provide portable source code thatcan be used on a variety of computer or workstation platforms.Alternatively, the disclosed system may be implemented partially orfully in hardware using standard logic circuits or VLSI design. Whethersoftware or hardware is used to implement the systems in accordance withthis disclosure is dependent on the speed and/or efficiency requirementsof the system, the particular function, and the particular software orhardware systems or microprocessor or microcomputer systems beingutilized.

In yet another embodiment, the disclosed methods may be partiallyimplemented in software that can be stored on a storage medium, executedon programmed general-purpose computer with the cooperation of acontroller and memory, a special purpose computer, a microprocessor, orthe like. In these instances, the systems and methods of this disclosurecan be implemented as program embedded on personal computer such as anapplet, JAVA® or CGI script, as a resource residing on a server orcomputer workstation, as a routine embedded in a dedicated measurementsystem, system component, or the like. The system can also beimplemented by physically incorporating the system and/or method into asoftware and/or hardware system.

Although the present disclosure describes components and functionsimplemented in the aspects, embodiments, and/or configurations withreference to particular standards and protocols, the aspects,embodiments, and/or configurations are not limited to such standards andprotocols. Other similar standards and protocols not mentioned hereinare in existence and are considered to be included in the presentdisclosure. Moreover, the standards and protocols mentioned herein andother similar standards and protocols not mentioned herein areperiodically superseded by faster or more effective equivalents havingessentially the same functions. Such replacement standards and protocolshaving the same functions are considered equivalents included in thepresent disclosure.

The present disclosure, in various aspects, embodiments, and/orconfigurations, includes components, methods, processes, systems and/orapparatus substantially as depicted and described herein, includingvarious aspects, embodiments, configurations embodiments,subcombinations, and/or subsets thereof. Those of skill in the art willunderstand how to make and use the disclosed aspects, embodiments,and/or configurations after understanding the present disclosure. Thepresent disclosure, in various aspects, embodiments, and/orconfigurations, includes providing devices and processes in the absenceof items not depicted and/or described herein or in various aspects,embodiments, and/or configurations hereof, including in the absence ofsuch items as may have been used in previous devices or processes, e.g.,for improving performance, achieving ease and/or reducing cost ofimplementation.

The foregoing discussion has been presented for purposes of illustrationand description. The foregoing is not intended to limit the disclosureto the form or forms disclosed herein. In the foregoing DetailedDescription for example, various features of the disclosure are groupedtogether in one or more aspects, embodiments, and/or configurations forthe purpose of streamlining the disclosure. The features of the aspects,embodiments, and/or configurations of the disclosure may be combined inalternate aspects, embodiments, and/or configurations other than thosediscussed above. This method of disclosure is not to be interpreted asreflecting an intention that the claims require more features than areexpressly recited in each claim. Rather, as the following claimsreflect, inventive aspects lie in less than all features of a singleforegoing disclosed aspect, embodiment, and/or configuration. Thus, thefollowing claims are hereby incorporated into this Detailed Description,with each claim standing on its own as a separate preferred embodimentof the disclosure.

Moreover, though the description has included description of one or moreaspects, embodiments, and/or configurations and certain variations andmodifications, other variations, combinations, and modifications arewithin the scope of the disclosure, e.g., as may be within the skill andknowledge of those in the art, after understanding the presentdisclosure. It is intended to obtain rights which include alternativeaspects, embodiments, and/or configurations to the extent permitted,including alternate, interchangeable and/or equivalent structures,functions, ranges or steps to those claimed, whether or not suchalternate, interchangeable and/or equivalent structures, functions,ranges or steps are disclosed herein, and without intending to publiclydedicate any patentable subject matter.

Embodiments include a method, comprising: receiving, from a readingdevice in an access control system, configuration informationcorresponding to a configuration status of the reading device;determining, by a configuration application running via a mobile device,a configuration of the reading device based at least partially on theconfiguration information received; determining, by the configurationapplication running via the mobile device, that the configuration of thereading device requires at least one change; and sending, via the mobiledevice, a configuration instruction to the reading device, theconfiguration instruction configured to change at least one feature ofthe reading device.

Aspects of the above method include wherein prior to receiving theconfiguration information, the method further comprises: initiating theconfiguration application via the mobile device; and interrogating,automatically and in response to initiating the configurationapplication, the reading device for the configuration information.Aspects of the above method include wherein the configurationinformation is received in response to a user providing an interrogationinput via the mobile device, the interrogation input configured to senda request to the reading device for the configuration information.Aspects of the above method include wherein the configuration statusincludes at least one of an identification, location, operating status,manufacturer, type, make, current settings, active features, inactivefeatures, versions of software installed, versions of firmwareinstalled, and types of software installed on the reading device.Aspects of the above method include wherein the configurationinformation is received from the reading device that is in wirelesscommunication with the mobile device. Aspects of the above methodinclude wherein prior to sending the configuration instruction to thereading device, the mobile device is configured to present configurationoptions via a graphical user interface rendered to a display associatedwith the mobile device. Aspects of the above method include wherein thegraphical user interface is configured as a template specific to aparticular type of the reading device. Aspects of the above methodinclude wherein prior to receiving the configuration information, themethod further comprises: providing a configuration authorization codeto the reading device that is configured to authenticate the mobiledevice and allow the mobile device to configure the reading device.Aspects of the above method include wherein the configurationauthorization code is provided by the mobile device. Aspects of theabove method include wherein the configuration authorization code isprovided by a trusted credentials management system that is configuredas a server remotely located across a communication network from thereading device. Aspects of the above method include a full mutualauthentication comprising an installer application carrying a credentialand authenticating with an administrator car and/or setup card, whereinthe authentication enables a programming mode for the reading deviceallowing configuration of the reading device via the installerapplication. Aspects of the above method include wherein the installerapplication is running on the mobile device. Aspects of the above methodfurther comprise: storing, in a memory of the access control system, aconfiguration for one or more reading devices in the access controlsystem. Aspects of the above method include wherein the configurationfor one or more reading devices includes information corresponding to asetup for the one or more reading devices, doors, and/or access pointsin the access control system. Aspects of the above method includewherein the memory is a database accessible across a communicationnetwork. Aspects of the above method include wherein the memory is partof a cloud or remote server platform. Aspects of the above methodfurther comprise: storing, in a memory of the access control system, aconfiguration template including a changed configuration for the readingdevice. Aspects of the above method further comprise: receiving, from asubsequent reading device in the access control system, configurationinformation corresponding to a configuration status of the subsequentreading device; determining, by the configuration application runningvia the mobile device, that the configuration template stored in thememory applies to the subsequent reading device; determining, by theconfiguration application running via the mobile device, that theconfiguration of the subsequent reading device requires at least onechange included in the configuration template; and sending, via themobile device, a template configuration instruction to the subsequentreading device, the template configuration instruction configured tochange features of the subsequent reading device to match the changedconfiguration in the configuration template.

Embodiments include a non-transitory computer readable medium havingstored thereon instructions that, when executed by a processor, performone or more of the methods above.

Embodiments include an access control system, comprising: a mobiledevice, comprising: a processor; and a memory having stored thereoninstructions that, when executed by the processor, wirelesslyinterrogates a device for configuration information and based on theconfiguration information determines whether to send configurationinstructions to the device, the configuration instructions configured tochange at least one feature of the device; and a reading deviceconfigured to provide the configuration information in response toreceiving an interrogation signal provided by the mobile device.

Aspects of the above system include wherein the reading device isfurther configured to authenticate the mobile device prior to providingthe configuration information. Aspects of the above system includewherein the reading device is configured to exchange communications witha trusted credentials management system in authenticating the mobiledevice, and wherein the authentication includes determining whether themobile device is authorized to provide configuration controlinstructions to the reading device. Aspects of the above system includewherein the trusted credentials management system is configured as aserver remotely located across a communication network from the readingdevice. Aspects of the above system include wherein the trustedcredentials management system provides a configuration authorizationcode to at least one of the mobile device and the reading device.

Embodiments include a mobile device, comprising: a processor; anantenna; a communications module; and a memory having stored thereoninstructions that, when executed by the processor, interrogates a devicefor configuration information via a wireless interrogation signaltransmitted via the antenna, receives configuration informationcorresponding to a configuration status of the device via the antenna,determines a configuration of the device, communicates, across awireless communication network via the communications module, with anaccess control server for available configuration information templatesfor the device, and determines whether to send configurationinstructions that are configured to change at least one firmware featureinstalled on the device based on at least one of the configurationinformation templates.

Aspects of the above mobile device further comprise: a display deviceconfigured to render available configuration options for the device in agraphical user interface, wherein at least one element rendered to thegraphical user interface identifies one or more configuration templatesthat are available remotely on the access control server.

Any of the steps, functions, and operations discussed herein can beperformed continuously and automatically.

Examples of the processors as described herein may include, but are notlimited to, at least one of Qualcomm® Snapdragon® 800 and 801, Qualcomm®Snapdragon® 610 and 615 with 4G LTE Integration and 64-bit computing,Apple® A7 processor with 64-bit architecture, Apple® M7 motioncoprocessors, Samsung® Exynos® series, the Intel® Core™ family ofprocessors, the Intel® Xeon® family of processors, the Intel® AMD™family of processors, the Intel Itanium® family of processors, Intel®Core® i5-4670K and i7-4770K 22 nm Haswell, Intel® Core® i5-3570K 22 nmIvy Bridge, the AMD® FX™ family of processors, AMD® FX-4300, FX-6300,and FX-8350 32 nm Vishera, AMD® Kaveri processors, Texas Instruments®Jacinto C6000™ automotive infotainment processors, Texas Instruments®OMAP™ automotive-grade mobile processors, ARM® Cortex™-M processors,ARM® Cortex-A and ARM926EJ-S™ processors, other industry-equivalentprocessors, and may perform computational functions using any known orfuture-developed standard, instruction set, libraries, and/orarchitecture.

What is claimed is:
 1. A method, comprising: receiving, from a readingdevice in an access control system, configuration informationcorresponding to a configuration status of the reading device;determining, by a configuration application running via a mobile device,a configuration of the reading device based at least partially on theconfiguration information received; determining, by the configurationapplication running via the mobile device, that the configuration of thereading device requires at least one change; and sending, via the mobiledevice, a configuration instruction to the reading device, theconfiguration instruction configured to change at least one feature ofthe reading device.
 2. The method of claim 1, wherein prior to receivingthe configuration information, the method further comprises: initiatingthe configuration application via the mobile device; and interrogating,automatically and in response to initiating the configurationapplication, the reading device for the configuration information. 3.The method of claim 1, wherein the configuration information is receivedin response to a user providing an interrogation input via the mobiledevice, the interrogation input configured to send a request to thereading device for the configuration information.
 4. The method of claim1, wherein the configuration status includes at least one of anidentification, location, operating status, manufacturer, type, make,current settings, active features, inactive features, versions ofsoftware installed, versions of firmware installed, and types ofsoftware installed on the reading device.
 5. The method of claim 1,wherein the configuration information is received from the readingdevice that is in wireless communication with the mobile device.
 6. Themethod of claim 1, wherein prior to sending the configurationinstruction to the reading device, the mobile device is configured topresent configuration options via a graphical user interface rendered toa display associated with the mobile device.
 7. The method of claim 6,wherein the graphical user interface is configured as a templatespecific to a particular type of the reading device.
 8. The method ofclaim 1, wherein prior to receiving the configuration information, themethod further comprises: providing a configuration authorization codeto the reading device that is configured to authenticate the mobiledevice and allow the mobile device to configure the reading device. 9.The method of claim 8, wherein the configuration authorization code isprovided by the mobile device.
 10. The method of claim 8, wherein theconfiguration authorization code is provided by a trusted credentialsmanagement system that is configured as a server remotely located acrossa communication network from the reading device.
 11. The method of claim1, further comprising: storing, in a memory of the access controlsystem, a configuration template including a changed configuration forthe reading device.
 12. The method of claim 11, further comprising:receiving, from a subsequent reading device in the access controlsystem, configuration information corresponding to a configurationstatus of the subsequent reading device; determining, by theconfiguration application running via the mobile device, that theconfiguration template stored in the memory applies to the subsequentreading device; determining, by the configuration application runningvia the mobile device, that the configuration of the subsequent readingdevice requires at least one change included in the configurationtemplate; and sending via the mobile device, a template configurationinstruction to the subsequent reading device, the template configurationinstruction configured to change features of the subsequent readingdevice to match the changed configuration in the configuration template.13. A non-transitory computer readable medium having stored thereoninstructions that, when executed by a processor, perform the method ofclaim
 1. 14. An access control system, comprising: a mobile device,comprising: a processor; and a memory having stored thereon instructionsthat, when executed by the processor, wirelessly interrogates a devicefor configuration information and based on the configuration informationdetermines whether to send configuration instructions to the device, theconfiguration instructions configured to change at least one feature ofthe device; and a reading device configured to provide the configurationinformation in response to receiving an interrogation signal provided bythe mobile device.
 15. The access control system of claim 14, whereinthe reading device is further configured to authenticate the mobiledevice prior to providing the configuration information.
 16. The accesscontrol system of claim 15, wherein the reading device is configured toexchange communications with a trusted credentials management system inauthenticating the mobile device, and wherein the authenticationincludes determining whether the mobile device is authorized to provideconfiguration control instructions to the reading device.
 17. The accesscontrol system of claim 16, wherein the trusted credentials managementsystem is configured as a server remotely located across a communicationnetwork from the reading device.
 18. The access control system of claim16, wherein the trusted credentials management system provides aconfiguration authorization code to at least one of the mobile deviceand the reading device.
 19. A mobile device, comprising: a processor; anantenna; a communications module; and a memory having stored thereoninstructions that, when executed by the processor, interrogates a devicefor configuration information via a wireless interrogation signaltransmitted via the antenna, receives configuration informationcorresponding to a configuration status of the device via the antenna,determines a configuration of the device, communicates, across awireless communication network via the communications module, with anaccess control server for available configuration information templatesfor the device, and determines whether to send configurationinstructions that are configured to change at least one firmware featureinstalled on the device based on at least one of the configurationinformation templates.
 20. The mobile device of claim 19, furthercomprising: a display device configured to render availableconfiguration options for the device in a graphical user interface,wherein at least one element rendered to the graphical user interfaceidentifies one or more configuration templates that are availableremotely on the access control server.